Details of VAR-202601-0734

ID

VAR-202601-0734

CVE

CVE-2025-58693

TITLE

fortinet's FortiVoice Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-001337

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. However, all information handled by the software may be rewritten. Furthermore, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability do not affect other software

Trust: 1.62

sources: NVD: CVE-2025-58693 // JVNDB: JVNDB-2026-001337

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortivoice	scope:	lt	version:	7.0.8	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	7.2.3	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	eq	version:	7.0.0 that's all 7.0.8	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	eq	version:	7.2.0 that's all 7.2.3	Trust: 0.8

sources: JVNDB: JVNDB-2026-001337 // NVD: CVE-2025-58693

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2025-58693
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2026-001337
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2025-58693
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001337
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001337 // NVD: CVE-2025-58693

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001337 // NVD: CVE-2025-58693

PATCH

title:

PSIRT | FortiGuard Labs

url:

https://fortiguard.fortinet.com/psirt/FG-IR-25-778

Trust: 0.8

sources: JVNDB: JVNDB-2026-001337

EXTERNAL IDS

db:	NVD	id:	CVE-2025-58693	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001337	Trust: 0.8

sources: JVNDB: JVNDB-2026-001337 // NVD: CVE-2025-58693

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-25-778	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-58693	Trust: 0.8

sources: JVNDB: JVNDB-2026-001337 // NVD: CVE-2025-58693

SOURCES

db:	JVNDB	id:	JVNDB-2026-001337
db:	NVD	id:	CVE-2025-58693

LAST UPDATE DATE

2026-01-19T23:39:15.105000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001337	date:	2026-01-16T05:22:00
db:	NVD	id:	CVE-2025-58693	date:	2026-01-14T21:34:22.663

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001337	date:	2026-01-16T00:00:00
db:	NVD	id:	CVE-2025-58693	date:	2026-01-13T17:15:57.940